Webroot SecureAnywhere®
Web Security Service

Using Global Secure Datacenters

Operational Resilience And Security

To ensure the high security of operations—and the customer data processed—Webroot® implements multiple layers of protection within global co-location centers. These defenses include control over personnel, access and change management controls, and strict enforcement of security policies.

Webroot also mandates the use of state-of-the-art vulnerability assessment technologies and conducts regular vulnerability scans to ensure that any potential areas of risk are promptly identified and remedied.

In addition to strict internal security standards, Webroot has also passed an independent SAS70 Type I audit for the Webroot SecureAnywhere Web Security Service. These validations help to reduce operational risk while assuring customers of the integrity of the service.

The entire implementation has been very smooth; there hasn’t been any downtime and Webroot’s support team has been responsive and helpful. We’re extremely happy with the results!

Leo Fredette, Systems Administrator, Massachusetts Association of Insurance Agents

Operational Overview

The Webroot SecureAnywhere Web Security Service operates a managed proxy service located in Tier1 secure datacenters. To ensure optimal performance and redundancy, the Webroot web proxy load-balances web traffic across a large array of web proxies. HTTP and HTTPS traffic is routed through the Webroot SecureAnywhere Web Security Service proxy where filtering occurs based on each organization’s pre-configured policies. The service provides the ability to authenticate both at the IP address level and at the individual user level, enabling both execution of granular policies and detailed logging.

All user URLs are stored within Webroot datacenters for reporting and logging purposes only, and no data within the URL is stored. Any account information sent via HTTPS or SSL automatically passes through the system being filtered or stored.

The service provides connectivity options for interfacing with existing infrastructure. For example, the service can be synchronized with an LDAP server to gain user information and create user-based policies specific to those users.

Mission Critical Application Architecture

Within each geographical region serviced by Webroot, core services are designed as fully redundant (N+1) clusters. As a result, even if an entire datacenter went offline, all Webroot services would continue to operate without interruption, and access to static stored data (logs, reports, archives, etc.) would be preserved.

The Webroot SecureAnywhere Web Security Service infrastructure is hosted in state-of-the-art datacenters that are purpose-built to house mission-critical services applications. Each datacenter meets strict guidelines regarding building security, air conditioning, fire protection, physical access, connectivity to the Internet backbone, and power feeds.

Minimized Web Latency

A wide range of factors that govern all traffic on the Internet influence web latency. These include the speed of servers delivering page content, peering arrangements of the ISP, distance and number of hops for the round trip from the user to the web server, as well as odd delays caused by unknown problems such as defunct routers or service providers suffering DDOS attacks.

Webroot, or any other service provider, cannot control these factors or specify SLAs for total web latency. However, Webroot strives to minimize the time it takes for web traffic to flow through the service. Using custom proxy servers that examine all web traffic and apply policies reduces any latency added by the service to milliseconds, which is not noticeable by users.

Compressing all user web requests on the fly further enhances performance.

Next: Customizable Web Security Dashboard »